Is there a way to get an https link

Is there a way to get https link for a page using the kirby?

Let’s say I’m in a http page, but redirecting to a secure page for checkout, I want to do $page('checkout')->url() and get an https link.

Thanks!

Hello! Maybe a stupid question but why not use https everywhere?

I want to, but I’m not content management - and the people who do don’t always embed https resources. so sometimes we get stuff that won’t load since it’s not https.

It’s off-topic, but you can load http assets through https using a camouflage-proxy.

Doing so, you avoid both active and passive mixed content (loading http over https).

https://www.w3.org/TR/2014/WD-mixed-content-20140722/#categories

Thanks, still I would like to know if there is a way to do that, it would really be helpful me thinks.

You could use str_replace('http://', 'https://', $url), but as @Thiousi wrote, using HTTPS for everything is the better solution, also because HTTPS is the future. :slight_smile:

1 Like

Again. I agree. But its not completely under control.

This us the solution Im using so far btw. Just wantesd to see if there is a more elegant way.

Depending on your use case you could wrap that code in a custom kirbytext tag or in a plugin.

How are you using it at the moment ?

Kirby-tag

(link: my-secure-page.html text: foo-bar class:https) (image: my-secure-image.png class:https)

On page load

$('a.https').each(function(index) {
 $(this).attr('href', $(this).attr('href').replace(/^http:\/\//i, 'https://'));
});

$('img.https').each(function(index) {
 $(this).attr('src', $(this).attr('src').replace(/^http:\/\//i, 'https://'));
});

This way, all assets with the https-class are converted to their https equivalent.

Not very gentle to depend on javascript for creating a secure-link, but it works.


Hmmm… of course the images are loaded twice now - so maybe do this on php level.

Right now its literally just printing str_replace("http://","https://",page("pagename")->url()) like it was suggested (its a link)

Its not part of a kirby text. Might just make a helper function called secureURL that does this. Just wanted to see uf theres a built in way.

Re: 1n3j…
Its not in a kirbytext tag.

Why do you always do such stuff with JavaScript? :wink:

I don’t :stuck_out_tongue_winking_eye: - but I didn’t know the user-scenario.

So you can advice a PHP-solution, but that doesn’t matter when it’s client-side based…

(and to be honest; I like client-side more than PHP - I am a cartoonist, not an OO programmer… I love design and do script procedural… not OO).

Are you in control of your webserver configuration? If yes, what webserver and version you are using?

I have cpanel access, but thats it. How dies that make a difference? Im talking about kirby configuration.

The reason why @Adspectus was asking is that you do not enforce https with just using an https link. To enforce https you would need to define a rewrite rule in your httpd.conf or your .htaccess (if you haven’t already done so and using the https link is not just an additional goody)

Oh yea, I knew about that… but most of my site is http, and jsut some pages are https… is that possible to do, especially when the content managers can name the pages whatever they want?
Also, I need to post a form for the https, if I do a .htaccess redirect would the post variables carry over? or will it redirect without?

Second question first: Yes, that is possible but it makes things more complex. Better make sure that your form is submitted directly via https.

The answer to the first question depends on the general structure of your site. You’ll need to make sure that there is any common criteria in the pages name or path that can be matched by a rewrite rule.

However, as other authors wrote, I can hardly understand why it should not be possible to switch completely to https. This would be the best solution if you want to make sure that critical parts of your site can not accessed in an unsecure way.

With that approach, you miss the whole point of HTTPS. Because in that case all data will be submitted unencrypted with the first request. :slight_smile:

yes, I know, but let me explain better.

in http user choses a program and is moved to a https pages - this page knows which program user choose using post, but no sensitive info is given yet.

now the checkout page knows the product, and is https, and now we get sensitive information. so I’m not loosing any https work.

And again, I would love to switch completely to https, the content managers on the other side… they use content from different places that isn’t always secure, and https blocks that content from loading, and then they cry to me and force me to return pages to http (I already changed everything to https and they forced me to revert)

What sort of content is that? I’m curious